US surveillance law may see no new protections for foreign targets

Any reform of a controversial U.S. law allowing the National Security Agency to spy on people overseas will likely focus on its impact on U.S. residents, without curbing its use elsewhere.

Section 702 of the Foreign Intelligence Surveillance Act expires on Dec. 31, and some digital rights groups are calling on Congress to overhaul the law to protect the privacy of residents of both the U.S. and other countries. Congress will almost certainly extend the provision in some form.

But a congressional hearing on Wednesday focused largely on the NSA's "inadvertent" collection of U.S. residents' data, with little time given to the privacy concerns of people overseas.

Some lawmakers have pushed for changes in FISA that would restrict so-called backdoor searches of U.S. residents' communications collected during foreign surveillance. But on Wednesday, 17 digital rights groups urged the EU to step in and push for new privacy protections for people outside the U.S.

There are many ways to reform FISA "to better protect human rights without undermining the security of U.S. citizens or others around the world," the groups said in a letter to EU officials. "If no reforms -- or reforms that only provide greater protections for U.S. persons -- are passed this year, we believe the U.S. will have sent a clear message to the European Union that our rights are inconsequential."

Section 702 allows the NSA to spy on the communications, including internet traffic, of people living outside the U.S. and, in many cases, their communications with U.S. residents. FISA served as the authority for the NSA's Prism internet surveillance and related programs revealed by NSA leaker Edward Snowden beginning in 2013.

Some lawmakers have suggested NSA surveillance of U.S. residents could violate the Fourth Amendment to the Constitution, which prohibits unreasonable searches. But most U.S. legal experts say the Fourth Amendment protections do not apply to people from other countries.

Congress must have a robust debate about Section 702, Representative Bob Goodlatte, a Virginia Republican, said during Wednesday's hearing before the House of Representatives' Judiciary Committee.

Congress will have a "detailed, thorough, and careful examination" of FISA, said Goodlatte, chairman of the committee. "We must ensure that our protection must not come at the expense of cherished liberty."

Witnesses at Wednesday's hearing largely defended the foreign surveillance program, saying it helps keep the U.S. safe from terrorist attacks. Section 702 surveillance is an "effective program that is subject to rigorous oversight" by the government, said Jeff Kosseff, a professor of cyber science at the U.S. Naval Academy. While backdoor searches raise concerns, the law "on balance" complies with the Fourth Amendment, he said.

But Section 702 surveillance has seen "mission creep," said Elizabeth Goitein, co-director of the Liberty and National Security Program at the Brennan Center. The law allows the NSA to target any foreign person, not just foreign powers or their agents, she noted.

The surveillance targets "need not pose any threat to the United States, have any information about such threats, or be suspected of any wrongdoing," she said. Section 702 "not only renders innocent private citizens of other nations vulnerable to NSA surveillance; it also greatly increases the number of communications involving Americans that are subject to acquisition -- as well as the likelihood that those Americans are ordinary, law-abiding individuals."

Last month, six tech trade groups called on Congress to include new privacy protections for internet users in a renewed version of the law.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.